Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

Intended to strike a balance between the right of individuals to protect their personal information and the need of organizations to collect, use or disclose personal information for purposes that a reasonable person would consider appropriate in the circumstances

Two key concepts underlying privacy legislation

reasonable person test - “an organization must consider what a reasonable person would consider appropriate in the circumstances”

OTTAWA, April 17, 2000—A major improvement in the laws protecting Canadians' privacy rights results from the passage of the Personal Information Protection and Electronic Documents Act, says Bruce Phillips, Privacy Commissioner of Canada. The Act – which received Royal Assent April 13 and comes into force on January 1, 2001 – establishes for the first time a comprehensive national set of rules which govern the collection, use and disclosure of personal information in the commercial world."

"The right to privacy is one of the essential underpinnings of human dignity and autonomy in our democratic society," said Bruce Phillips, the Privacy Commissioner of Canada since 1991. "I am

delighted that Parliament has endorsed as a fundamental civil right our ability to control what others can learn about us. At the same time, the Act also respects legitimate business needs to gather and use personal information and will protect Canada's international markets by bringing our privacy standards into line with those of our European trading partners."

PIPEDA was a response to the European Union’s personal data protection directive (preventing transfers of personal data between EU members and jurisdictions without “adequate” privacy protections - PIPEDA declared adequate in December, 2001), e-commerce and public opinion in Canada

PIPEDA - in respect of the collection, use or disclosure of personal information (including employee personal information in the case of a federal work, undertaking or business) by organizations in the course of commercial activities

PIPA - in respect of the collection, use or disclosure of personal information (including employee personal information) by organizations occurring within BC to the extent PIPEDA does not apply (i.e. non-commercial activities; provincially regulated employees)

* Assuming PIPEDA is constitutionally valid and PIPA is not declared substantially similar. If PIPA is declared substantially similar then PIPA rather than PIPEDA will apply to the collection, use or disclosure of personal information by organizations in the course of commercial activities

Currently both PIPA and PIPEDA apply in BC and Industry Canada has not identified any substantive issues to PIPA being declared substantially similar to PIPEDA (although the former federal privacy commissioner has). In practical terms, an organization in compliance with PIPA with respect to the collection, use and disclosure of personal information in the course of commercial activities will generally be in compliance with PIPEDA.

PIPEDA applies to every organization in respect of personal information it collects, uses or discloses in the course of commercial activities, or about an employee in connection with the operation of a federal work, undertaking or business, except

“personal information” means information about an identifiable individual and includes

“employee personal information” - personal information about an individual collected, used or disclosed solely for purposes reasonably required to establish, manage or terminate an employment relationship between the organization and that individual

“contact information” - information to enable an individual at a place of business to be contacted, including the name, position name or title, business telephone number, business address, business e-mail or business fax number of the individual, or

”work product information” - information prepared or collected by an individual as a part of the individual’s responsibilities or activities related to the individual’s employment or business but does not include personal information about an individual who did not prepare or collect the personal information

PIPA and PIPEDA share a similar definition of personal information, but PIPA specifically distinguishes employee personal information as a subset of personal information to which a special set of rules apply.

if at the time the consent is deemed to be given the purpose would be obvious to a reasonable person and the personal information is voluntarily provided for that purpose

in the case of less sensitive information, if an organization notifies the individual of its intent to collect, use or disclose personal information, gives the individual a reasonable opportunity to decline and the individual does not decline (opt-out)

an organization must protect personal information in its custody or under its control by making reasonable security arrangements to prevent unauthorized access, collection, use, disclosure, copying, modification, disposal or similar risks

includes non-disclosure agreements with employees with access to the personal information

PIPEDA - the nature of the security arrangements will depend on the sensitivity of the information and should include:

PIPA does not apply to the collection of personal information collected before January 1, 2004, but PIPA does apply with respect to the use, retention, security and disclosure of, and access to, such information

means organizations do not need to re-collect personal information already held

Sale of Organization or Business Assets

PIPA contains special provisions allowing for collection, use and disclosure, without consent, of personal information of its employees, customers, directors, officers or shareholders for purposes solely related to the proposed business transaction

PIPA - emphasis will be placed on mediation; individuals may be required to resolve disputes directly with the organization before the privacy commissioner begins or continues a review or investigation